similar to: Bug#1029830: xen: CVE-2022-42330

Source: xen Version: 4.17.0+46-gaaf74a532c-1 Severity: grave Tags: security upstream X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org> Hi, The following vulnerabilities were published for xen. CVE-2022-42331[0]: | x86: speculative vulnerability in 32bit SYSCALL path Due to an | oversight in the very original Spectre/Meltdown security work | (XSA-254),

Source: xen Version: 4.17.0+24-g2f8851c37f-2 Severity: grave Tags: security upstream X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org> Hi, The following vulnerability was published for xen, filling with RC severity (for ideally fixed before bookworm release): CVE-2022-27672[0]: | When SMT is enabled, certain AMD processors may speculatively execute |

Source: xen Version: 4.17.2+55-g0b56bed864-1 Severity: important Tags: security upstream X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org> Hi, The following vulnerabilities were published for xen. CVE-2023-46835[0]: | x86/AMD: mismatch in IOMMU quarantine page table levels CVE-2023-46836[1]: | x86: BTC/SRSO fixes not fully effective If you fix the

Source: xen Version: 4.20.0-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org> Hi, The following vulnerability was published for xen. CVE-2024-28956[0]: | x86: Indirect Target Selection If you fix the vulnerability please also make sure to include the CVE (Common

Hi When building with GCC 10, gcc is stricter in handling handling of symbol clashes. Fedora, has fixed this with a patch from Dominik Mierzejewski: https://src.fedoraproject.org/rpms/tftp/c/5e2aa55b6802a52ef480d688b3ae4751220f20e0.patch Attaching the corresponding patch for git am. Regards, Salvatore >From 9e7641bf58df9dda3bc51f381f371fa7cbce47af Mon Sep 17 00:00:00 2001 From: Salvatore

Hi When building with GCC 10, gcc is stricter in handling handling of symbol clashes. Fedora, has fixed this with a patch from Dominik Mierzejewski: https://src.fedoraproject.org/rpms/tftp/c/5e2aa55b6802a52ef480d688b3ae4751220f20e0.patch Attaching the corresponding patch for git am. I'm sending the patch which was submitted a while ago to the list. Is there something you wanted to be

Source: xen Version: 4.8.1~pre.2017.01.23-1 Severity: grave Tags: security upstream Justification: user security hole Hi, the following vulnerability was published for xen. CVE-2017-7228[0]: | An issue (known as XSA-212) was discovered in Xen, with fixes available | for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix | introduced an insufficient check on XENMEM_exchange input,

Source: xen Version: 4.4.1-9 Severity: normal Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for xen. CVE-2015-6654[0]: | The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, | 4.4.x, and earlier does not limit the number of printk console | messages when reporting a failure to retrieve a reference on a foreign | page, which allows

Mapping stable-security to proposed-updates. Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 19 Apr 2016 20:42:09 +0200 Source: xen Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture:

Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 19 Apr 2016 20:42:09 +0200 Source: xen Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture: all source Version: 4.4.1-9+deb8u5

Mapping stable-security to proposed-updates. Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 31 Oct 2015 06:53:56 +0100 Source: xen Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture:

Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 31 Oct 2015 06:53:56 +0100 Source: xen Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture: all source Version: 4.4.1-9+deb8u2

On Sun, Nov 15, 2020 at 6:43 PM Salvatore Bonaccorso <carnil at debian.org> wrote: > > Hi, > > On Fri, Aug 28, 2020 at 11:28:46AM +0200, Frantisek Hrbata wrote: > > Unprivileged user can crash kernel by using DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC > > ioctl. This was reported by trinity[1] fuzzer. > > > > [ 71.073906] nouveau 0000:01:00.0: crashme[1329]:

Source: xen Version: 4.4.1-9 Severity: normal Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for xen. CVE-2015-3340[0]: | Xen 4.2.x through 4.5.x does not initialize certain fields, which | allows certain remote service domains to obtain sensitive information | from memory via a (1) XEN_DOMCTL_gettscinfo or (2) | XEN_SYSCTL_getdomaininfolist request.

Mapping oldstable-security to oldstable-proposed-updates. Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 31 Oct 2015 07:08:27 +0100 Source: xen Binary: xen-docs-4.1 libxen-4.1 libxenstore3.0 libxen-dev xenstore-utils libxen-ocaml libxen-ocaml-dev xen-utils-common xen-utils-4.1 xen-hypervisor-4.1-amd64 xen-system-amd64 xen-hypervisor-4.1-i386 xen-system-i386

Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 31 Oct 2015 07:08:27 +0100 Source: xen Binary: xen-docs-4.1 libxen-4.1 libxenstore3.0 libxen-dev xenstore-utils libxen-ocaml libxen-ocaml-dev xen-utils-common xen-utils-4.1 xen-hypervisor-4.1-amd64 xen-system-amd64 xen-hypervisor-4.1-i386 xen-system-i386 Architecture: source all amd64 Version: 4.1.4-3+deb7u9

Source: xen Version: 4.3.0-1 Severity: serious Justification: FTBFS Hi New uploaded xen 4.3.0-1 FTBFS, see [1] for build log for i386. [1] https://buildd.debian.org/status/fetch.php?pkg=xen&arch=i386&ver=4.3.0-1&stamp=1378426577 Regards, Salvatore

On Sat, May 02, 2015 at 07:04:34AM +0200, Salvatore Bonaccorso wrote: > the following vulnerability was published for xen. I consider this issue as unimportant. Not sure how I can mark it this way in the security tracker. Bastian -- Knowledge, sir, should be free to all! -- Harry Mudd, "I, Mudd", stardate 4513.3

On Sun, Jan 29, 2023 at 10:36:31PM +0100, Computer Enthusiastic wrote: > Hello Greg, > Hello Salvatore, > > On 28/01/2023 20:49, Salvatore Bonaccorso wrote: > > Hi Greg, > > > > I'm not the reporter, so would like to confirm him explicitly, but I > > believe I can give some context: > > > > On Sat, Jan 28, 2023 at 06:51:08PM +0100, Greg KH

Salvatore Bonaccorso writes ("Re: Updated Xen packages for XSA 216..225"): > On Tue, Jul 11, 2017 at 11:34:38PM +0200, Moritz Muehlenhoff wrote: > > On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote: > > > Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA 216..225"): > > > > Sorry for the late reply, was on vacation for a week.